<?php
/*
    Authors and license
*/

include_once(dirname(__FILE__).'/../../libraries/security.php');
include_once(dirname(__FILE__).'/message_sql.php');

if(isset($_SESSION['logged'])) // user logged in?
{
	$id = $_SESSION['id']; // grab user id to sql querry
	
	if(isset($_POST['edit_sent'])){
				
		$to_id = grabUserIdFromLogin(clear($_POST['name']));
		
		if($to_id == 0) {
			echo '<h2>'.$lang_message_create_new.'</h2>';
			echo '<label>'.$lang_message_no_adress.'</label>';
			backButton();
		}
		else if(clear($_POST['title'])=="") {
			echo '<h2>'.$lang_message_create_new.'</h2>';
			echo '<label>'.$lang_message_no_title.'</label>';
			backButton();
		}
		else if(clear($_POST['text'])=="") {
			echo '<h2>'.$lang_message_create_new.'</h2>';
			echo '<label>'.$lang_message_no_text.'</label>';
			backButton();
		}
		else {			
			addNewMessage($id, $to_id, clear($_POST['title']), clear($_POST['text']));
			echo '<h2>'.$lang_message_create_new.'</h2>';
			echo '<label>'.$lang_message_sent_correct.'</label>';
		}
	}	
	else {	

		if(isset($_GET['to'])) $to = clear($_GET['to']);
			else $to = '';
			
		if(isset($_GET['title'])) $to = clear($_GET['title']);
			else $title = '';
	
		if(isset($_GET['text'])) $to = clear($_GET['text']);
			else $text = '';
	
		echo '<h2>'.$lang_message_create_new.'</h2>';
		
		printMessageForm($to,$title,$text); // printing form with some standard options to edit		
	}	
}
//  if user is not logged in nothing realy should be done. Just no efect.
?>